Governors Release Compelling Cyber Roadmap for States

The NGA released a new compelling strategy paper called Act and Adjust: A Call to Action for Governors for Cybersecurity.

by / September 29, 2013 0

NGA Meeting in Washington

National Governors Association (NGA) Cybersecurity Meeting on Capitol Hill   (Left to right: Michigan Governor Rick Snyder, NGA Executive Director Dan Crippen and Major General William N. Reddell III)

For many years, government technology professionals around the USA have been urging more resources and more action regarding cybersecurity. Over the past decade, there were increasing numbers of alarming global reports, scary surveys, offsite meetings, white papers on technology risks, small cyber summits, large security conferences and much more.

Groups like the National Association of State Chief Information Officers (NASCIO) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) have consistently championed workgroups and studies to increase the focus on the growing cyberthreats faced by state and local governments. And yet, government leaders have, for the most part, struggled to mount a successful strategy to defend against the growing number of cyberattacks coming from around the globe.

Put simply, we have been outgunned on cyber.

Is the tide turning in 2013?

Perhaps the tide is now turning – with the National Governors Association (NGA) making cybersecurity a top bipartisan priority. Last year, the NGA launched the Resource Center on Cybersecurity. Michigan Gov. Snyder and Maryland Gov. Martin O’Malley have led NGA’s Resource Center for State Cybersecurity since October 2012. This year, they have examined the role of state policy in ensuring adequate cybersecurity for state-owned and state-based infrastructure, including data and communication systems, banking and financial records, water systems and the electrical grid.

 During the NGA Mid-year meeting back in February 2013, CSPAN broadcast these hearings on States and Cybersecurity.

 New Call to Action on Cybersecurity

And now, in an event held this week at the US Capitol in Washington, the NGA released a new compelling strategy paper called Act and Adjust: A Call to Action for Governors for Cybersecurity.

This paper provides strategic recommendations governors can immediately adopt to improve their state’s cybersecurity posture. The report builds on the advice of national experts and practitioners from both the public and private sectors and recommends that states:

 - Establish a governance and authority structure for cybersecurity;

 - Conduct risk assessments and allocate resources accordingly;

 - Implement continuous vulnerability threat monitoring practices;

 - Ensure compliance with current security methodologies and business disciplines; and

 - Create a culture of risk awareness.

Coverage of the events this week included this article from the Pew Charitable Trust. Here’s an excerpt:

“As governors, we are directly responsible for ensuring the security of a wide array of state-owned assets and personally identifiable information such as tax records, driver’s licenses and birth records,” Snyder said in a statement. “We also play a critical role in ensuring that private-sector assets within our states are secure,” the former president of Gateway computers said.

Also, the Detroit News reported this:

Cyber attacks on the state of Michigan’s computer systems have increased to about 500,000 a day, he said. A recent example of a sophisticated phishing scam to 2,800 state employees said their email has exceeded their storage limit and directed them to a link to validate their mailbox. The scam resulted in 155 people clicking the link and 144 people providing personal information to the hackers, Snyder said.

“This shows you can’t take anything for granted,” said Snyder, noting the phishing scam was shut down within a hour and didn’t cause real damage.

What’s Next?

Many industry experts still believe that the country won’t “wake-up” to the importance of cybersecurity protections until a crippling “Cyber 9/11” or a “Cyber Pearl Harbor” type of event occurs. No doubt, many government and private sector leaders continue to give lip service to this topic, while quietly doing little.

However, I continue to be an optimist. I see our cyber efforts gaining more traction and getting the attention of senior government business leaders across the nation. With leaders like Governor Snyder and Governor O’Malley making the case, I see new progress. When you hear them speak on cyber topics affecting business, governments and families, the need for compelling action comes alive. More important, a forward path becomes clearer.

Now we have a bipartisan roadmap for governors. While this is only one small step, we are making progress on cyber in many state governments. When combined with President Obama’s actions on cybersecurity, the momentum going into 2014 is encouraging.

No doubt, much more needs to be done. We are still far behind the bad guys. Cyberspace has no borders, and the recent Edward Snowden incidents with the National Security Agency (NSA) have not helped.

Which brings this entire subject back to a personal level. Can you help implement the cyber-protections offered in this new roadmap in your state? America certainly needs more cyber ambassadors for good.

What are your thoughts on this NGA Call to Action?

Dan Lohrmann Chief Security Officer & Chief Strategist at Security Mentor Inc.

Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.

During his distinguished career, he has served global organizations in the public and private sectors in a variety of executive leadership capacities, receiving numerous national awards including: CSO of the Year, Public Official of the Year and Computerworld Premier 100 IT Leader.
Lohrmann led Michigan government’s cybersecurity and technology infrastructure teams from May 2002 to August 2014, including enterprisewide Chief Security Officer (CSO), Chief Technology Officer (CTO) and Chief Information Security Officer (CISO) roles in Michigan.

He currently serves as the Chief Security Officer (CSO) and Chief Strategist for Security Mentor Inc. He is leading the development and implementation of Security Mentor’s industry-leading cyber training, consulting and workshops for end users, managers and executives in the public and private sectors. He has advised senior leaders at the White House, National Governors Association (NGA), National Association of State CIOs (NASCIO), U.S. Department of Homeland Security (DHS), federal, state and local government agencies, Fortune 500 companies, small businesses and nonprofit institutions.

He has more than 30 years of experience in the computer industry, beginning his career with the National Security Agency. He worked for three years in England as a senior network engineer for Lockheed Martin (formerly Loral Aerospace) and for four years as a technical director for ManTech International in a US/UK military facility.

Lohrmann is the author of two books: Virtual Integrity: Faithfully Navigating the Brave New Web and BYOD for You: The Guide to Bring Your Own Device to Work. He has been a keynote speaker at global security and technology conferences from South Africa to Dubai and from Washington, D.C., to Moscow.

He holds a master's degree in computer science (CS) from Johns Hopkins University in Baltimore, and a bachelor's degree in CS from Valparaiso University in Indiana.

Follow Lohrmann on Twitter at: @govcso